The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.
We recommend using Visual Studio 2017



The latest version of this topic can be found at __security_init_cookie.

Initializes the global security cookie.

void __security_init_cookie(void);  

The global security cookie is used for buffer overrun protection in code compiled with /GS (Buffer Security Check) and in code that uses exception handling. On entry to an overrun-protected function, the cookie is put on the stack, and on exit, the value on the stack is compared with the global cookie. Any difference between them indicates that a buffer overrun has occurred and causes immediate termination of the program.

Normally, __security_init_cookie is called by the CRT when it is initialized. If you bypass CRT initialization—for example, if you use /ENTRY to specify an entry-point—then you must call __security_init_cookie yourself. If __security_init_cookie is not called, the global security cookie is set to a default value and buffer overrun protection is compromised. Because an attacker can exploit this default cookie value to defeat the buffer overrun checks, we recommend that you always call __security_init_cookie when you define your own entry point.

The call to __security_init_cookie must be made before any overrun-protected function is entered; otherwise a spurious buffer overrun will be detected. For more information, see C Runtime Error R6035.

See the examples in C Runtime Error R6035.

RoutineRequired header

__security_init_cookie is a Microsoft extension to the standard C Runtime Library. For compatibility information, see Compatibility.

Not applicable. This function should only be called from native code, not managed code.

Compiler Security Checks In Depth